Learn about security hierarchy
- Last Updated: May 21, 2025
- PI Server 2024 R2
PI Asset Framework (AF) supports both OpenID Connect (OIDC), used for implementing claims-based authentication, and Windows integrated security to authenticate users and establish their PI AF identities through mappings.
If you use OIDC for authentication, you can map identity provider roles to PI AF identities to assign a group of users to one or more PI AF identities.
PI AF uses PI AF identities to control read, write, delete, and various other permissions on the PI AF components shown in the following illustration. Each securable PI AF object (element, event frame, notification, and so on) throughout the hierarchy has an associated security descriptor that contains the access permission information for that object.
All PI AF objects of the same type belong to a collection. For example, every PI AF element in a database belongs to the Elements collection for that database. Each collection also has an associated security descriptor that contains access permission information. Security descriptors for some collections are configured for an entire PI AF server (such as identities and mappings), whereas others (such as analyses, elements, and event frames) can be configured for a specific database.
PI AF hierarchy of securable collections

For more information on collection security, see PI AF collection security.